Fedora 22 : perl-DBD-Firebird-1.19-1.fc22 (2015-5499)

DBD::Firebird 1.19 2015-03-22 =============================== - Fix $VERSION in Firebird.pm - Fix typo in ISCPASSWORD spelling - Positive logic and early return - Allow re-executing/fetch on prepared sth RT92810, Tux - Add rests for $dbh-Name and others - Implement $dbh-Name - Fix attributions to...

Firebird ISC_PASSWORD环境变量非授权访问漏洞

BUGTRAQ ID: 29123 CVECAN ID: CVE-2008-1880 Firebird是一款提供多个ANSI SQL-92功能的关系型数据库，可运行在Linux、Windows和各种Unix平台下 Gentoo的init脚本（/etc/conf.d/firebird）在启动Firebird时默认会设置ISCPASSWORD环境变量，当以SYSDBA用户身份连接的客户端没有提供口令时会使用这个变量，这允许远程攻击者无需提供凭据便认证为SYSDBA用户，访问除用户和口令数据库之外的整个数据库。 Firebird 2.0.3.12981.0 Gentoo ------...

Firebird on Gentoo Linux /etc/conf.d/firebird Invocation ISC_PASSWORD Authentication Bypass

The version of Firebird on the remote host sets the 'ISCPASSWORD' environment variable before starting the database server and uses that for remote client connections when a password is not supplied. An attacker can leverage this issue to connect as 'SYSDBA' with an empty password and gain access...

Default configuration

The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISCPASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password...

CVE-2008-1880

The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISCPASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password...

GLSA-200805-06 : Firebird: Data disclosure

The remote host is affected by the vulnerability described in GLSA-200805-06 Firebird: Data disclosure Viesturs reported that the default configuration for Gentoo's init script '/etc/conf.d/firebird' sets the 'ISCPASSWORD' environment variable when starting Firebird. It will be used when no...